Critical thinking on arrest of spammer

Robert Alan Soloway was arrested this month and charged with nearly three dozen counts ranging from wire fraud to identity theft to money laundering. He pleaded not guilty on all counts. The feds are seeking about US$773,000 in damages and forfeiture of other assets, and if convicted, Soloway would face possible jail time.

Soloway's arrest gives the loose affiliation of good guys a battle victory, for sure. "A very good day," said one Microsoft lawyer. A statement from The Spamhaus Project, with its long list of acknowledgments, sounded almost like an acceptance speech. The DOJ giddily crowned Soloway the "Spam King" in its announcement of the indictment, and the AP story cited federal authorities who suggested that people could see a decrease in junk e-mail. One researcher noted that a behind-the-scenes positive to emerge is the level of cooperation between DOJ and industry that led to the arrest. "Data was gathered and shared between the two groups, which is uncommon."

So they've won the battle. Back slaps all around. But how's the war going? Not well. Does Soloway's arrest mark a turning point? Not really. What does the arrest mean, really? Not that much, yet.

That's key. Arrests, even convictions, won't help fix a problem as big and complex as malware. Think of drugs, another chronic social ill. Even major drug busts--even bringing down a major supplier--hardly disrupt the market. And harsh sentences alone won't even scare spammers straight, since theory generally holds that the likelihood of getting caught is as important as, or more important than, severity of punishment in deterring crime. One arrest, within U.S. borders, isn't likely to make overseas spam syndicates think twice about their business.

Soloway is far more valuable to the DOJ as an ongoing source of intelligence than he is as a jailbird. So it's only a "very good day" if prosecutors can parlay it into ongoing cooperation from Soloway (in exchange for something, of course). Flip him and use his knowledge to further disrupt the spam marketplace. Convict him and it just leaves a temporary void that will be filled by another spammer.

"As for a dent in global spam," Nazario concedes, "probably minimal."

Another researcher, who requested anonymity because of his undercover work in this community, was equally skeptical. "I'd call it a rare temporary victory," he says. "He's just one spammer of many. He goes down and another will pop up taking his place."

That's how markets work. As long as the demand is there and nothing is interrupting supply, someone will meet it. Whatever business Soloway loses will be happily picked up by the other four of the Top 5 spammers. Some of the Russian spam syndicates might even view Soloway's arrest as a potential boon.

The idea that spam will decrease because of one arrest is, putting it generously, puzzling. Soloway distributed spam the way everyone does, using botnets. Those computers remain infected and capable of distributing spam. Unless Soloway acted completely on his own, someone else with knowledge of the network can commandeer it. The guy was smart enough to become a Top 5 spammer (though admittedly also dense enough to flaunt his success); one can presume he's planned for this contingency.

What's more, on the technical front, the news is not good. iFraming, the trendy method of distributing bots, is out of control. Graham Cluley of the anti-malware vendor Sophos notes that his company is seeing iFrames illicitly put into 8,000 new web pages per day, or a quarter-million per month. Of those, Cluley says, 70 percent are pages on perfectly legitimate Web sites a typical Web surfer would have no reason to distrust. Experts are concerned by the alarming effectiveness of iFraming. New machines are being infected all the time with more and better bots.

There are battles and there are wars. Full marks to the feds for winning a battle, but there's a long, long way to go. While toasting the victory, it'd probably be a good idea to keep an eye on the flank.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.